Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Purging Blaster.worm

From: Andrew Hecox <ahecox () uchicago edu>
Date: Wed, 13 Aug 2003 19:40:29 -0500 (CDT)

On Wed, 13 Aug 2003, Stuart wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Is it not possible to create another worm or modify this worm to
actually patch the machines? :)
Looking at the Symantec removal tool there is a silent mode.. A few
days back I was on the Microsoft site and I also saw an option for a
non interaction install for the RPC patch but looking through the
site now I cannot find it :(
The "fixing worm" could scan for 2 hours then purge itself?

Just a thought 

Stu


Strictly speaking, you wouldn't have to modify the worm- you can just
change the name of the sarc tool to msblast.exe and position it
properly. Symantec's tool runs fine under an alternate file name.

That said, I wouldn't want to be the one with my head on the chopping
block when a bug in the worm crashes Windows and corrupts the file system
of an Important Person (TM). (or does any other amount on nonsense)

... but it's an amusing throught none the less!


-Andrew


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: